Analyse and identify where attacks are likely coming from


Problem

You are one of the members in the CERT for MASPCo. You have recently received an incident with the following characteristics.

MASPCo CERT has just been alerted that its Apache web server, hosting https://masp.com, has been unavailable for the last 5 minutes. The web server sits behind a reverse proxy, which sits behind a firewall. You host the infrastructure inside your own data centre. The data connection is provided by XYZ.com. Upon checking, you found that the web server itself is running at 100% CPU. Attempts to connect to the web server from an external connection often receive no response at all. You can see many, many log entries from thousands of IP addresses in your Apache log file. A small extract is below:

10.1.8.31 - [22/Jan/2012:16:00:36 +0700] "GET /search.php?q=p4yME HTTP/1.0" 200 2326 "hEn9rY client"
10.64.21.1 - [22/Jan/2012:16:00:36 +0700] "GET /search.php?q=p4yME HTTP/1.0" 200 2326 "hEn9rY client"
10.1.8.32 - [22/Jan/2012:16:00:36 +0700] "GET /search.php?q=p4yME HTTP/1.0" 200 2326 "hEn9rY client"
10.109.10.222 - [22/Jan/2012:16:00:37 +0700] "GET /search.php?q=p4yME HTTP/1.0" 200 2326 "hEn9rY client"
10.99.1.82 - [22/Jan/2012:16:00:37 +0700] "GET /search.php?q=p4yME HTTP/1.0" 200 2326 "hEn9rY client"

You can also see some of your internal IP addresses in the 192.168.0.0 range attempting to connect to https://masp.com/search.php?q=p4yME hundreds of times per minute. After some examination, you find that these internal machines also hold an open connection to 10.8.2.1:6667 (TCP port 6667 is the IANA-registered IRC port).

For the purposes of this exercise, MASPCo's servers are hosted on 192.168.0.0/16, and attacking hosts are coming from "the rest of the Internet" on 10.0.0.0/8. Both are RFC 1918 private ranges standing in for public address space; treat 10.0.0.0/8 as external here.
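The triage a CERT member would actually run over the evidence above, as an added example that is not part of the original assignment: parse the access log in the custom format the page shows (ip - [timestamp] "request" status bytes "user-agent"), aggregate by source address, request target and user agent, split sources into the scenario's internal (192.168.0.0/16) and external ranges, and cross-reference the internal sources against a connection table for hosts talking to 10.8.2.1:6667. The log lines, the connection table and the 0.8 "flood share" threshold are constructed for the example; the address ranges, target URL, user-agent string and controller address come from the scenario.

```python
"""Triage the Apache access-log evidence from the MASPCo scenario.

Added example, not code from the original page. SAMPLE_LOG and
SAMPLE_CONNECTIONS are constructed; the log format is assumed to be the
custom one shown in the extract:  ip - [timestamp] "request" status bytes "ua"
"""
import ipaddress
import re
from collections import Counter

INTERNAL_NET = ipaddress.ip_network("192.168.0.0/16")   # MASPCo, per scenario
C2_HOST, C2_PORT = "10.8.2.1", 6667                      # observed IRC-port peer

LOG_RE = re.compile(
    r'^(?P<ip>\S+) - \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) (?P<proto>[^"]+)" '
    r'(?P<status>\d{3}) (?P<bytes>\d+|-) "(?P<ua>[^"]*)"$'
)

# Constructed sample: the page's five lines plus one internal host seen twice,
# one benign external visitor and one unparseable line.
SAMPLE_LOG = """\
10.1.8.31 - [22/Jan/2012:16:00:36 +0700] "GET /search.php?q=p4yME HTTP/1.0" 200 2326 "hEn9rY client"
10.64.21.1 - [22/Jan/2012:16:00:36 +0700] "GET /search.php?q=p4yME HTTP/1.0" 200 2326 "hEn9rY client"
10.1.8.32 - [22/Jan/2012:16:00:36 +0700] "GET /search.php?q=p4yME HTTP/1.0" 200 2326 "hEn9rY client"
192.168.4.17 - [22/Jan/2012:16:00:36 +0700] "GET /search.php?q=p4yME HTTP/1.0" 200 2326 "hEn9rY client"
10.109.10.222 - [22/Jan/2012:16:00:37 +0700] "GET /search.php?q=p4yME HTTP/1.0" 200 2326 "hEn9rY client"
192.168.4.17 - [22/Jan/2012:16:00:37 +0700] "GET /search.php?q=p4yME HTTP/1.0" 200 2326 "hEn9rY client"
10.99.1.82 - [22/Jan/2012:16:00:37 +0700] "GET /search.php?q=p4yME HTTP/1.0" 200 2326 "hEn9rY client"
10.200.3.4 - [22/Jan/2012:16:00:37 +0700] "GET /index.html HTTP/1.1" 200 5120 "Mozilla/5.0"
this line is not in the expected format and is counted as unparsed
"""

# Constructed connection table, (local_ip, remote_ip, remote_port), as an
# `ss -tn` sweep of the internal hosts might report it.
SAMPLE_CONNECTIONS = [
    ("192.168.4.17", "10.8.2.1", 6667),   # floods and beacons to the controller
    ("192.168.7.3", "10.8.2.1", 6667),    # beacons but has not (yet) flooded
    ("192.168.9.50", "10.20.30.40", 443), # ordinary outbound HTTPS
]


def parse_line(line):
    """Return the named fields of one log line, or None if it does not match."""
    m = LOG_RE.match(line.strip())
    return m.groupdict() if m else None


def triage(log_text):
    """Aggregate the log by source, target, user agent and second."""
    s = {"total": 0, "unparsed": 0, "per_ip": Counter(), "per_target": Counter(),
         "per_ua": Counter(), "per_second": Counter(), "internal": set(), "external": set()}
    for raw in log_text.splitlines():
        if not raw.strip():
            continue
        rec = parse_line(raw)
        if rec is None:
            s["unparsed"] += 1          # never let a malformed line abort triage
            continue
        s["total"] += 1
        s["per_ip"][rec["ip"]] += 1
        s["per_target"][(rec["method"], rec["path"])] += 1
        s["per_ua"][rec["ua"]] += 1
        s["per_second"][rec["ts"]] += 1
        side = "internal" if ipaddress.ip_address(rec["ip"]) in INTERNAL_NET else "external"
        s[side].add(rec["ip"])
    return s


def flood_signature(summary, min_share=0.8):
    """Dominant (target, user-agent) pair if it carries at least min_share of
    parsed requests, else None. One identical request repeated from many
    sources is what separates a scripted flood from organic load."""
    if summary["total"] == 0:
        return None
    target, n_target = summary["per_target"].most_common(1)[0]
    ua, n_ua = summary["per_ua"].most_common(1)[0]
    share = min(n_target, n_ua) / summary["total"]
    return {"target": target, "user_agent": ua, "share": share} if share >= min_share else None


def c2_peers(connections, c2_host=C2_HOST, c2_port=C2_PORT):
    """Local addresses holding a connection to the suspected controller."""
    return {local for local, remote, port in connections
            if remote == c2_host and port == c2_port}


if __name__ == "__main__":
    summary = triage(SAMPLE_LOG)
    print("parsed", summary["total"], "unparsed", summary["unparsed"])
    print("external sources", len(summary["external"]), "internal sources", summary["internal"])
    print("flood signature", flood_signature(summary))
    beaconing = c2_peers(SAMPLE_CONNECTIONS)
    print("internal hosts on C2 and flooding", beaconing & summary["internal"])
    print("internal hosts on C2 not yet flooding", beaconing - summary["internal"])
```

Reading the output: the share of requests that are the one (target, user-agent) pair, the number of distinct external sources behind it, and the set of internal hosts that both send that request and sit on 10.8.2.1:6667 are the three numbers that drive questions I and II; the last set, hosts beaconing to the controller that have not appeared in the web log yet, is the one most often missed during containment.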

Answer the following questions:

I. Analyse and identify the category of attack being received. Justify your answer.

II. Analyse and identify where the attacks are likely coming from. Justify your answer.

III. Discuss the countermeasures that can be implemented to stop this attack in the short term.

IV. Discuss the solutions you would put in place to lower the risk of the same problem recurring.
